Generative artificial intelligence tools may already be helping scammers steal your data quicker, experts say.
Phishing emails work by impersonating an official email and tricking readers into clicking a link to malware or giving away their personal passwords.
And text-based AI chatbots like ChatGPT are built for impersonating people, making them incredibly useful time-saver for phishers who need a convincing email.
How AI Is Improving Phishing Email: Better Spelling, Longer Messages
Cybersecurity experts at the UK firm Darktrace say that “data suggests” an increasing number of phishing emails are written by AI bots.
The result is better grammar and spelling, as well as longer messages — essentially the removal of any giveaways that people could once rely on to signal they were reading a fake email. Automatic spam filters may also fail to spot these new types of spam email as well.
“Even if somebody said, ‘don’t worry about ChatGPT, it’s going to be commercialized,’ well, the genie is out of the bottle. What we think is having an immediate impact on the threat landscape is that this type of technology is being used for better and more scalable social engineering: AI allows you to craft very believable ‘spear-phishing’ emails and other written communication with very little effort, especially compared to what you have to do before.” –Max Heinemeyer, chief product officer at Darktrace
A new warning, issued from European agency Europol, relies on these findings from firms like Darktrace to highlight AI as a new threat in the world of phishing emails.
Interestingly, AI chatbots like ChatGPT come with safeguards aimed at preventing them from being used for criminal actions, but these can be overridden easily. Users simply talk to the chatbot as if it's a person, convincing it to go against its own programming with a flimsy excuse: Cybersecurity firm Check Point says it was able to trick ChatGPT into generating a phishing email by telling the chatbot that it was creating the email template in order to help with an employee awareness program.
These emails are already a huge concern in the business world, too: The official term for phishing in a business context, “Business email compromise,” accounted for 19,954 complaints and a total lost value of $2.4 billion in 2021 alone.
Will AI Change the World?
We've talked about the power of AI technology for decades, and businesses have used machine learning algorithms for years. But recent advancements have brought new forms of text and image AI programs to mainstream audiences, and they're better than ever.
In the end, AI is just a tool. It won't make the world worse, but it can speed up the ways in which the world isn't doing so great currently.
Businesses are already using them to do what businesses do under capitalism: Cut costs by replacing workers whenever possible. AI chatbots are already writing travel guides at Buzzfeed and helping code websites, among many other business uses. A recent report from Goldman Sachs predicts up to 300 million jobs, or 7% of jobs in the US, could be replaced with generative AI.
Hopefully, none of those 300 million people will fall for an AI-powered phishing email while job-seeking — that's just salt on the wound.